Search CVE reports
11 – 20 of 26 results
CVE-2017-15994
Low priorityrsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for remote attackers to bypass intended access restrictions. NOTE: the rsync development branch has significant use beyond the rsync...
1 affected packages
rsync
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| rsync | — | — | — | Not affected | Not affected |
CVE-2016-9843
Low prioritySome fixes available 14 of 19
The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.
3 affected packages
klibc, rsync, zlib
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| klibc | Needs evaluation | Not affected | Not affected | Not affected | Not affected |
| rsync | Fixed | Fixed | Fixed | Fixed | Fixed |
| zlib | Not affected | Not affected | Not affected | Not affected | Fixed |
CVE-2016-9842
Low prioritySome fixes available 14 of 19
The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.
3 affected packages
klibc, rsync, zlib
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| klibc | Needs evaluation | Not affected | Not affected | Not affected | Not affected |
| rsync | Fixed | Fixed | Fixed | Fixed | Fixed |
| zlib | Not affected | Not affected | Not affected | Not affected | Fixed |
CVE-2016-9841
Low prioritySome fixes available 21 of 25
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
3 affected packages
klibc, rsync, zlib
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| klibc | Fixed | Fixed | Fixed | Fixed | Fixed |
| rsync | Fixed | Fixed | Fixed | Fixed | Fixed |
| zlib | Not affected | Not affected | Not affected | Not affected | Fixed |
CVE-2016-9840
Low prioritySome fixes available 21 of 25
inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
3 affected packages
klibc, rsync, zlib
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| klibc | Fixed | Fixed | Fixed | Fixed | Fixed |
| rsync | Fixed | Fixed | Fixed | Fixed | Fixed |
| zlib | Not affected | Not affected | Not affected | Not affected | Fixed |
CVE-2014-8242
Low prioritylibrsync before 1.0.0 uses a truncated MD4 checksum to match blocks, which makes it easier for remote attackers to modify transmitted data via a birthday attack.
1 affected packages
librsync
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| librsync | Not affected | Not affected | Not affected | Vulnerable | Vulnerable |
CVE-2014-9512
Medium prioritySome fixes available 4 of 6
rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path.
1 affected packages
rsync
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| rsync | — | — | — | — | — |
CVE-2014-2855
Medium priorityThe check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a user name which does not exist in the secrets file.
1 affected packages
rsync
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| rsync | — | — | — | — | — |
CVE-2011-1097
Medium priorityrsync 3.x before 3.0.8, when certain recursion, deletion, and ownership options are used, allows remote rsync servers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code...
1 affected packages
rsync
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| rsync | — | — | — | — | — |
CVE-2008-5150
Negligible prioritysample.sh in maildirsync 1.1 allows local users to append data to arbitrary files via a symlink attack on a /tmp/maildirsync-*.#####.log temporary file.
1 affected packages
maildirsync
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| maildirsync | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |